Forwarded from CloudSec Wine (Артем Марков)
🔶🔷🔴 Cloud 9: Top Cloud Penetration Testing Tools
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Bishop Fox
Cloud 9: Top Cloud Penetration Testing Tools
Here are nine of our favorite cloud pen testing tools use by our pen testers in 2022 and additional resources for enhancing your cloud pen testing skills.
Forwarded from SecurityLab.ru
В WhatsApp и других VoIP-приложениях обнаружены RCE-уязвимости
— Мессенджер WhatsApp и другие популярные VoIP-приложения используют библиотеку с открытым исходным кодом PJSIP, содержащую критические уязвимости удаленного выполнения кода.
— Успешная эксплуатация уязвимостей позволяет злоумышленнику удаленно выполнить код в приложении, использующем библиотеку PJSIP.
— По данным сайта Asterisk, программное обеспечение насчитывает около 2 млн загрузок в год и работает на 1 млн серверов в 170 странах.
https://www.securitylab.ru/news/530390.php
— Мессенджер WhatsApp и другие популярные VoIP-приложения используют библиотеку с открытым исходным кодом PJSIP, содержащую критические уязвимости удаленного выполнения кода.
— Успешная эксплуатация уязвимостей позволяет злоумышленнику удаленно выполнить код в приложении, использующем библиотеку PJSIP.
— По данным сайта Asterisk, программное обеспечение насчитывает около 2 млн загрузок в год и работает на 1 млн серверов в 170 странах.
https://www.securitylab.ru/news/530390.php
SecurityLab.ru
В WhatsApp и других VoIP-приложениях обнаружены RCE-уязвимости
Программы используют библиотеку с открытым исходным кодом PJSIP, содержащую критические проблемы.
Forwarded from Пост Лукацкого
В IETF идет обсуждение проекта свежего RFC (внесен в конце января этого года) по индикаторам компрометации
IETF Datatracker
Indicators of Compromise (IoCs) and Their Role in Attack Defence
Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This draft reviews the fundamentals, opportunities, operational limitations, and best practices of IoC use. It…
Hello,
We are writing to update ISACA members in Russia about the consequences of sanctions imposed as a result of the recent events in Ukraine.
As you may know, a number of sanctions against Russia have been imposed by the EU, US and others. The sanctions picture is very complicated and evolving, with the full impact and consequences still not entirely clear to anyone at this time.
To ensure we are in compliance with all legal requirements, ISACA is suspending all transactions via our website, and by any other means, with Russia.
For the time being, any member or certification holder whose membership or certification is due for renewal during this period will have their membership or certification extended to maintain the status quo while we continue to evaluate the requirements and effect of the applicable sanctions. This may of course have to change depending on how the sanctions situation changes and other developments that occur, and we will do our best to keep you apprised of any changes.
We appreciate your patience, understanding, and support during this difficult time, and we will share further updates as information becomes available.
Best regards,
David
David Samuelson
Chief Executive Officer
We are writing to update ISACA members in Russia about the consequences of sanctions imposed as a result of the recent events in Ukraine.
As you may know, a number of sanctions against Russia have been imposed by the EU, US and others. The sanctions picture is very complicated and evolving, with the full impact and consequences still not entirely clear to anyone at this time.
To ensure we are in compliance with all legal requirements, ISACA is suspending all transactions via our website, and by any other means, with Russia.
For the time being, any member or certification holder whose membership or certification is due for renewal during this period will have their membership or certification extended to maintain the status quo while we continue to evaluate the requirements and effect of the applicable sanctions. This may of course have to change depending on how the sanctions situation changes and other developments that occur, and we will do our best to keep you apprised of any changes.
We appreciate your patience, understanding, and support during this difficult time, and we will share further updates as information becomes available.
Best regards,
David
David Samuelson
Chief Executive Officer
👍2
Forwarded from AM Live
У NVIDIA украли также сертификат, которым можно подписать Windows-зловреда
https://www.anti-malware.ru/news/2022-03-05-114534/38288
https://www.anti-malware.ru/news/2022-03-05-114534/38288
Anti-Malware
У NVIDIA украли также сертификат, которым можно подписать Windows-зловреда
Просматривая многочисленные файлы, украденные у NVIDIA и слитые в Сеть, исследователи обнаружили два сертификата разработчика. Как оказалось, вирусописатели тоже нашли их и начали использовать,
👍1
Forwarded from CloudSec Wine (Артем Марков)
🔶 Let’s Architect! Architecting for Security
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws
https://cloudsecurityalliance.org/artifacts/saas-governance-best-practices-for-cloud-customers/
"In the context of cloud security, the focus is almost always on securing Infrastructure-as-a-Service (IaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they are often consuming tens to hundreds of Software as a Service (SaaS) Offerings. The SaaS Governance Best Practice for Cloud Customers is a baseline set of fundamental governance practices for SaaS environments. It enumerates and considers risks during all stages of the SaaS lifecycle, including Evaluation, Adoption, Usage, and Termination."
"In the context of cloud security, the focus is almost always on securing Infrastructure-as-a-Service (IaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they are often consuming tens to hundreds of Software as a Service (SaaS) Offerings. The SaaS Governance Best Practice for Cloud Customers is a baseline set of fundamental governance practices for SaaS environments. It enumerates and considers risks during all stages of the SaaS lifecycle, including Evaluation, Adoption, Usage, and Termination."
CSA
SaaS Governance Best Practices for Cloud Customers | CSA
👍1